I would start looking for all updated drivers for network cards wired and wireless, glide driver/software, webcam software (if there is one built in), sound card, you already did video, chipset drivers from manufacturer. Sometimes those drivers get overwritten by bad stuff when computers get hit.

That's just a start.

What virii/malware did the rescue CD find, and was it able to remove it?

I am sure Corrine would say we are gonna need some scan results -- like the ones Corrine had alphaomega do on his potentially infected Windows computer.

I had an XP Pro 64-bit system that absolutely loathed a Microsoft Keyboard and a Logitech Webcam (after market USB model). No malware at all. Just hated the drivers.

Yes, I agree. But whether it is a leftover problem due to a removed driver that may have been infected remains to be seen.

Obviously something appears to be addressing the wrong memory space and it's likely a driver problem.

I would get any updates you can to the drivers I mentioned. And go from there. You could also start disabling drivers for anything you can, but I think replacing drivers by getting updated drivers where possible is the better route (it makes it easier for Windows to allow an overwrite if there's an updated driver, rather than complaining that you already have that driver -- Catch 22).

There were 7 trojans found by AVG. I was able to clean out the files, and a subsequent scan revealed they were gone.

I highly doubt the machine is suffering from any kind of infection any more. The error messages from Event Viewer really point to the ntoskernel, not anything else.

I am really thinking it is a driver/hardware issue.

Adam

I'd be happy to review logs if you wish. Otherwise, the #1 place to get help with BSOD's/driver issues is Sysnative Forums. It is a new forum I've been helping set up the last couple of months. The other sites that provide help with these issues use the information and tools collected/created by the founders of Sysnative.com.

If you wish to confirm your computer is clean, please do the following:

I ran the first tool, and will upload it sometime this afternoon when I am home from work. I don't think the computer is infected any more, but I am fairly certain the BSODs were not being caused by the virii.

The bugcheck is likely 0xa or 0xd1 (memory improperly referenced or bad memory referenced) and can be a driver issue.

If the BSODs are being caused by a 3rd party driver, Driver Verifier can help. If D/V finds a violation, it will flag the driver and force the system to BSOD and add additional information to the dump file.

D/V needs to run for 24 hours minimum or BSOD - whichever is 1st. You can use the system while D/V runs in the background, but be sure to save your work often as a BSOD may occur at any time.
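Driver Verifier is most useful when it is pointed at third-party drivers only, rather than at every driver on the box. The script below is an added example, not something posted in this thread: it lists the running kernel drivers that are not Microsoft-signed and prints the verifier command for just those files. It assumes an elevated PowerShell prompt (2.0 or later) and that third-party drivers carry their own embedded Authenticode signature; the Win32_SystemDriver class, Get-AuthenticodeSignature and the verifier.exe switches used are all real.

```powershell
# Added example (not from the thread): enumerate running kernel drivers that are not
# signed by Microsoft, so Driver Verifier can target third-party code only.
# Run from an elevated PowerShell prompt.

$drivers = Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$thirdParty = foreach ($d in $drivers) {
    # PathName may carry a \??\ or \SystemRoot\ prefix; normalize to a plain file path.
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    # Keep anything that is unsigned, has a broken signature, or is not signed by Microsoft.
    if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
        New-Object PSObject -Property @{
            Name   = $d.Name
            File   = Split-Path -Leaf $path
            Path   = $path
            Status = $sig.Status
            Signer = $signer
        }
    }
}

$thirdParty | Sort-Object Name | Format-Table Name, Status, File, Signer -AutoSize

# Print the verifier command for just those files. Review the list first: if the
# machine fails to boot afterwards, "verifier /reset" from Safe Mode (or the
# Recovery Console command prompt) clears the settings.
if ($thirdParty) {
    $files = ($thirdParty | ForEach-Object { $_.File } | Sort-Object -Unique) -join ' '
    Write-Host "verifier /standard /driver $files"
}
```

On Windows 7 and earlier, many Microsoft inbox drivers are catalog-signed rather than embedded-signed, so Get-AuthenticodeSignature can report them as NotSigned and they will show up in the list; treat the output as a candidate list to review, not a verdict.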

I posted your log here as it is much easier for comparison after the next step, seeing as how I see a trojan in your log.

I'll just post my "mini-lecture" about Bit Torrent. At most security sites, it is required that any P2P programs be uninstalled before moving to the next step. In this case, however, I'll just ask that you refrain from using it until we've finished.

A strong word of caution: P2P programs form a direct conduit on to your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. Use of P2P programs can result in Identity Theft. P2P Dangers Have Not Gone Away

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.

Double-click ComboFix.exe on your desktop and follow the prompts.

As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.

When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click "Yes" to continue scanning for malware.

When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

This is not my machine, but a co-worker's. I use bittorrent, but on a Linux system, with a few safeguards set up. I know P2P stuff can be dangerous if not managed properly.

What trojan is present? I found a few with AVG Rescue CD, and it said the drive was clean. The virus definition date was 27 Mar 12.

In any case, the master boot record is broken now. I ran Windows update on the machine, and enabled the Driver Verifier settings per post #11, and when I went to reboot, I got the message that no boot device was found. Checking the drive in Linux revealed there were no partitions available. SpinRite said the same thing.

Right now, I am running a demo of Active Partition Recovery on the drive to see if it can "discover" the partitions. I know the demo will not write anything to the drive, but at least I might be able to see if it is recoverable.

I've seen too many instances of AVG not doing a very good job of cleaning and March 27 is a rather old date for definitions. The correct location for svchost.exe is System32, not Windows: C:\Windows\svchost.exe
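The svchost.exe location check above is easy to automate. The script below is an added example, not part of this thread: it finds every svchost.exe on the system drive and every running svchost.exe process, labels anything outside %SystemRoot%\System32 (or SysWOW64 on 64-bit Windows) as suspect, and records signature status and SHA-256 for each file. Copies under the WinSxS component store are legitimate on Vista and later and are labelled separately. It assumes an elevated PowerShell 2.0 or later prompt; the helper function names are this example's own.

```powershell
# Added example (not from the thread): flag svchost.exe copies and processes that
# live outside the legitimate System32 / SysWOW64 locations.
# Run from an elevated PowerShell prompt.

function Get-Sha256Hex([string]$Path) {
    # SHA-256 via .NET so the script also works before Get-FileHash existed (PS 4.0).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.IO.File]::ReadAllBytes($Path)
        return ([System.BitConverter]::ToString($sha.ComputeHash($bytes))) -replace '-', ''
    } finally { $sha.Dispose() }
}

function Get-SvchostLocation([string]$Path) {
    # Example helper: classify a path as the expected binary, a component-store copy, or suspect.
    $p    = $Path.ToLowerInvariant()
    $root = $env:SystemRoot.ToLowerInvariant()
    if ($p -eq "$root\system32\svchost.exe" -or $p -eq "$root\syswow64\svchost.exe") { return 'expected' }
    if ($p.StartsWith("$root\winsxs\")) { return 'winsxs store' }
    return 'SUSPECT'
}

# 1. Every svchost.exe on disk, anywhere on the system drive.
Get-ChildItem -Path "$env:SystemDrive\" -Filter 'svchost.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        New-Object PSObject -Property @{
            Location  = Get-SvchostLocation $_.FullName
            Path      = $_.FullName
            SizeKB    = [math]::Round($_.Length / 1KB, 1)
            SigStatus = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
            SHA256    = Get-Sha256Hex $_.FullName
        }
    } | Sort-Object Location | Format-Table Location, SigStatus, SizeKB, Path, SHA256 -AutoSize

# 2. Running svchost.exe processes: the image must be in System32 and the parent
#    should be services.exe.
Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" | ForEach-Object {
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId=$($_.ParentProcessId)"
    New-Object PSObject -Property @{
        PID      = $_.ProcessId
        Path     = $_.ExecutablePath
        Location = if ($_.ExecutablePath) { Get-SvchostLocation $_.ExecutablePath } else { 'unknown' }
        Parent   = if ($parent) { $parent.Name } else { '<gone>' }
    }
} | Format-Table PID, Location, Parent, Path -AutoSize
```

The genuine System32 binary is catalog-signed, so on Windows 7 and earlier its SigStatus may read NotSigned; the file's path, size and hash (compared against a known-good copy from the same Windows version) are the useful fields there. A running svchost.exe whose Location is SUSPECT, or whose parent is not services.exe, is the thing worth pulling into the cleanup log.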

I'll give bootrec.exe a try when Active Partition Recovery has completed. It won't be able to fix anything, since it is only the demo. I just wanted to see if it could potentially "discover" the partitions.

I knew that AVG was a bit slower getting definitions out into the field, but I had not heard it was fairly solid otherwise, aside from being a bit of a resource hog at times.